Solutionary Threat Report - June 2011

Google Image Search Malware on the Rise

There was a spike in malware activity across various portions of the Solutionary client base this month, prompting an alert to be distributed by Solutionary's Security Engineering Research Team (SERT). The majority of recent cases observed appear to have arisen from users performing Google Image Searches, after which the users were socially engineered into downloading fake antivirus software. The downloaded software is itself malicious: the affected hosts were found to be compromised by a Java-based variant dubbed WhiteSmoke. In addition to disseminating the advisory, the Solutionary SERT has developed and deployed a custom IDS signature set to detect communications with a growing list of 400+ known malicious websites. In cases such as this, where the vectors for malware propagation are numerous, Solutionary advises that communication and user education be used alongside the implementation and maintenance of software patches and antivirus signatures to fight this pervasive threat.
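The report mentions an IDS signature set that flags traffic to a list of known malicious websites. As an added illustration (not Solutionary's signature set, and using only placeholder domains rather than any real indicator), the following Python script applies the same idea to web proxy logs: it extracts the destination host from each request, including CONNECT tunnels, and matches it against a domain blocklist, treating subdomains of a listed domain as hits. The log lines and the blocklist are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist standing in for the "400+ known malicious websites"
# the report refers to. These are placeholder names, not real indicators.
BLOCKLIST = {
    "fakeav-download.example",
    "imgsearch-redirect.example",
    "whitesmoke-cdn.example",
}

# Constructed proxy log lines in a Squid-like layout:
# timestamp, client IP, result/status, method, URL (or host:port for CONNECT).
SAMPLE_LOG = """\
1308700001.123 10.1.2.3 TCP_MISS/200 GET http://www.google.com/images?q=flowers
1308700002.456 10.1.2.3 TCP_MISS/302 GET http://imgsearch-redirect.example/go?id=17
1308700003.789 10.1.2.3 TCP_MISS/200 GET http://cdn.whitesmoke-cdn.example/setup.jar
1308700004.012 10.1.2.9 TCP_MISS/200 GET http://intranet.corp.example/home
1308700005.345 10.1.2.3 TCP_MISS/200 CONNECT fakeav-download.example:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def host_from_url(method, url):
    """Return the lower-cased destination host for a proxy log entry."""
    if method == "CONNECT":
        # CONNECT entries carry host:port rather than a full URL.
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def matched_domain(host, blocklist):
    """Return the listed domain that covers `host`, or None.

    Labels are stripped from the left one at a time so that a request to
    cdn.whitesmoke-cdn.example matches a list entry for whitesmoke-cdn.example.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_proxy_log(text, blocklist=BLOCKLIST):
    """Return one alert dict per log line whose destination is blocklisted."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crashing the scan
        host = host_from_url(m["method"], m["url"])
        hit = matched_domain(host, blocklist)
        if hit:
            alerts.append(
                {"ts": m["ts"], "client": m["client"], "host": host, "listed": hit}
            )
    return alerts


if __name__ == "__main__":
    for a in scan_proxy_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['client']} -> {a['host']} (matches {a['listed']})")
```

Run against the constructed log it reports three hits, all from client 10.1.2.3, which is the kind of per-host clustering that helps an analyst decide which machine to pull for cleanup first. The subdomain walk in `matched_domain` matters in practice: campaigns rotate hostnames under a small number of registered domains, so listing the registrable domain catches the rotation.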

LulzSec - A Threat Represented

There was notable press as a result of antics from a spin-off of the Anonymous hacker group. This new group, named LulzSec, has purportedly taken credit for attacks on such notable targets as the Arizona Department of Public Safety databases and the CIA website. These and other reportedly successful attacks are suggested to have been carried out as simple Denial of Service and/or SQL Injection attacks. This issue is considered noteworthy not because of the press coverage on the matter, but rather because of the simplicity of the attacks carried out. While such malicious groups will come and go, their techniques continue to evolve and the delivery of attacks only appears to be getting easier. As such, the confidence of such groups appears to be increasing, suggesting that the lessons observed in the HBGary incident may be revisited in future cases. With the proliferation of increasingly effective tools such as LOIC and the BlackHole exploit framework, Solutionary cautions vigilance in light of the growing number of such attacks, and advises that neither the threat nor the parties involved be underestimated. Solutionary advises regular review and testing of your organization's Incident Response protocols to ensure the most efficient and compliant recovery from any such incident.

www.solutionary.com - 866-333-2133